General
-
Target
JaffaCakes118_458988d16621bc0e15192e4b4bc44d6c
-
Size
208KB
-
Sample
250128-b18q7stjhj
-
MD5
458988d16621bc0e15192e4b4bc44d6c
-
SHA1
5b627caf57d77e7b44608bd7c59684ce1d69f44a
-
SHA256
2b7da4dd0e3d7028d72b86f8d98a827569b0d74a973f38df3eda927b3ea0ab3b
-
SHA512
2f56a9f176068dfb88ce7f54200df94043976c90c967653e259d1ce241f240251391af2664aecb8e5d842faf068135920df22e5b7a1ff193065eadd3a11cdd2b
-
SSDEEP
3072:tfhicY1twWBWHWVKhqvEzO/V1VrNYQkCA+HFSWvF3TBftWBunob2j:125WHA9DNYtEHhvF3TBlVnobm
Behavioral task
behavioral1
Sample
JaffaCakes118_458988d16621bc0e15192e4b4bc44d6c.exe
Resource
win7-20240729-en
Malware Config
Targets
-
-
Target
JaffaCakes118_458988d16621bc0e15192e4b4bc44d6c
-
Score
10/10
-
Gh0st RAT payload
-
Gh0strat family
-
Executes dropped EXE
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-